The relentless scaling of semiconductor technology has resulted in a tremendous increase in manufacturing cost. As a result, many design houses have gone fabless and rely on foreign low-cost fabrication facilities to manufacture their products. Yet the globalization of semiconductor fabrication has posed a new security threat: as the trustworthiness of these facilities remains unknown, malicious parties or attackers can insert malicious hardware, commonly referred to as hardware Trojans, directly into the chip during the manufacturing process. Depending on the payload, there are two different types of hardware Trojans: Trojans that affect the functionality or reliability of a chip, and Trojans that capture the data being processed by a chip, known as data leakage Trojans. The consequences of a data leakage Trojan can be devastating, as it can allow attackers to obtain encryption keys as they are processed, or possibly to escalate privileges on a system.
A data leakage Trojan is usually very hard to detect for two reasons: it can maintain the original functionality of a chip even when triggered, and it typically results in little or no increase in the chip's area or power consumption. As such, it is almost impossible to detect using methods such as runtime monitoring or post-silicon testing [1, 2]. On the other hand, in order for an attacker to successfully inject a data leakage Trojan, he or she must have a complete understanding of the design, so that critical information can be captured at the desired locations. This understanding can be gained either before fabrication, by inspecting the netlist and layout, or after fabrication, by reverse-engineering a chip procured from the fabrication facility or on the market. The former requires less effort, yet the netlist and layout information is sometimes protected and not accessible to an attacker.
Based on this requirement, the most effective approaches to resisting data leakage Trojans are those grouped under design for security (DFS) [3]. DFS focuses on making the design harder for the attacker to understand. Existing approaches include logic obfuscation, layout camouflaging and split manufacturing [3]. Obfuscation is a method of reworking the logic flow so that the actual computation being performed is not readily apparent [4]. This can mean convoluting the function with unnecessary paths or gates, or even adding extra states or dead ends to state machines. Layout camouflaging performs a similar obfuscation, but on the layout [5]. Careful layouts can make a NAND and a NOR gate look identical, which greatly increases the effort needed to decipher a full layout. Split manufacturing breaks the design up into the lower-level silicon layers and the upper-level metal layers [6]. The two pieces are manufactured separately, preventing an attacker at either location from having access to the complete design.
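The ambiguity that camouflaging creates for a reverse engineer can be quantified on a small gate-level model. The following Python is added here as an illustration and is not code from the source: it simulates a constructed toy netlist in which three cells are camouflaged so that each reads as either NAND or NOR, enumerates every candidate netlist an attacker would have to consider, and counts how many of those candidates compute distinct functions. The netlist, gate names and cell set are assumptions.

```python
from itertools import product

# Two-input cell functions. A camouflaged cell ("CAMO") has a layout that reads as
# either NAND or NOR, so whoever reads the layout must guess which one it is.
GATE_FUNCS = {
    "NAND": lambda a, b: 1 - (a & b),
    "NOR": lambda a, b: 1 - (a | b),
    "XOR": lambda a, b: a ^ b,
}
CAMO_CHOICES = ("NAND", "NOR")

# Constructed toy netlist (assumed for illustration): (gate name, cell type, inputs),
# in topological order so each gate reads only primary inputs or earlier gates.
# The last gate in the list is the primary output.
INPUTS = ("x0", "x1", "x2")
NETLIST = [
    ("g1", "CAMO", ("x0", "x1")),
    ("g2", "CAMO", ("x1", "x2")),
    ("g3", "XOR", ("g1", "g2")),
    ("g4", "CAMO", ("g3", "x0")),
]

def evaluate(netlist, resolution, input_bits):
    """Simulate one input vector under one guess (resolution) of the camouflaged cells."""
    values = dict(zip(INPUTS, input_bits))
    for name, cell, (a, b) in netlist:
        func = GATE_FUNCS[resolution[name] if cell == "CAMO" else cell]
        values[name] = func(values[a], values[b])
    return values[netlist[-1][0]]

def truth_table(netlist, resolution):
    """Output column over all 2^n input vectors, as a tuple so it is hashable."""
    return tuple(evaluate(netlist, resolution, bits)
                 for bits in product((0, 1), repeat=len(INPUTS)))

def candidate_netlists(netlist):
    """Every way the camouflaged cells could be resolved: 2^k guesses for k cells."""
    camo = [name for name, cell, _ in netlist if cell == "CAMO"]
    return [dict(zip(camo, choice)) for choice in product(CAMO_CHOICES, repeat=len(camo))]

def ambiguity(netlist):
    """(number of candidate netlists, number of functionally distinct candidates).
    When the two numbers are equal, no two guesses collapse into the same function,
    so every candidate must be told apart before the design is understood."""
    candidates = candidate_netlists(netlist)
    tables = {truth_table(netlist, r) for r in candidates}
    return len(candidates), len(tables)
```

For the toy netlist all eight candidate resolutions compute different functions, so camouflaging three cells forces eight distinct hypotheses rather than a single readable design.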
All of these DFS methods focus on increasing the difficulty of establishing data leakage channels through a hardware Trojan. They can still be compromised when the same design undergoes multiple fabrication runs, which is quite common for large-volume commercial products. In this case, attackers can procure a fabricated chip from one run and reverse-engineer the design. Hardware Trojans can then be designed and injected in subsequent runs. This scenario has largely been overlooked, and it remains an open question in the literature how to prevent data leakage once such channels have been successfully established. This invention provides a circuit-level design technique that can partially resist data leakage in sequential logic after a data leakage Trojan has been injected.